Security experts have detected a new kind of crypto ransomware that uses the Tor anonymizing network to hide its activity. The so-called “Critroni” has been sold on underground forums for a few weeks now and is currently being distributed by the Angler exploit kit. Most notably, it is the first crypto ransomware that uses the Tor network for command and control.

Security experts agree that the news is bad. The ransomware landscape is currently dominated by CryptoLocker, and that code is very hard to defeat: the malware encrypts all of the files on the infected PC and demands a ransom from the victim in exchange for the private key needed to decrypt them.

Police in the US and Europe shut down the GameOver Zeus malware operation, which had been one of the key mechanisms the attackers used to distribute CryptoLocker. After that, security researchers came across adverts for the Critroni ransomware, also known as CTB-Locker, which was first used in the Russian Federation.

The code currently sells for $3,000, and security researchers confirm that it is now being used by a number of attackers, some of whom use the Angler exploit kit to drop a spambot on users’ computers.

Once on a computer, Critroni encrypts various files, including pictures and documents, and then displays a dialogue box that informs the victim of the infection and demands a payment in exchange for the key to decrypt the files. Victims are normally given 3 days to pay the ransom in Bitcoin. The demanded amount is roughly $300 for victims in the United States, Canada and Europe.
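The encryption behaviour described above is what a defender can actually observe on disk: a picture or document that has been overwritten with ciphertext no longer carries the header its file type requires, and its bytes are close to uniformly distributed. The following Python sketch is an added example written for this page; it is not Critroni's code and not any vendor's detection logic. The magic headers are the real ones for JPEG, PNG and PDF; the sample files, the `_pseudo_random` stand-in for ciphertext and the `ENTROPY_THRESHOLD` value are constructed for the example.

```python
"""Heuristic check for pictures/documents overwritten by a crypto ransomware.

Signals combined per file:
  1. the magic header expected for the file's extension is missing, and
  2. the byte entropy of the first 4 KiB is close to 8 bits per byte.
Pictures are already compressed and have high entropy on their own, so the
missing header is the deciding signal and entropy only confirms it.
All sample data is constructed in memory; nothing is read from disk.
"""
import hashlib
import math
import os
from collections import Counter

# Real magic headers for the file types the article mentions being encrypted.
MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
}

# Assumed threshold (bits/byte): ciphertext sits near 7.9+, plain text near 4-5.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(name: str, data: bytes) -> bool:
    """True when `data` is unlikely to be the file type its extension claims.

    Files with an extension we have no header for are never flagged, so the
    heuristic abstains rather than guessing.
    """
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is None:
        return False
    header_missing = not data.startswith(magic)
    return header_missing and shannon_entropy(data[:4096]) > ENTROPY_THRESHOLD


def scan_files(files: dict) -> list:
    """Return the sorted names of files that look like ciphertext blobs."""
    return sorted(name for name, data in files.items() if looks_encrypted(name, data))


def _pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic high-entropy filler standing in for ciphertext.

    Constructed test data (SHA-256 over a counter), not a real cipher.
    """
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed sample "disk": two intact files, one overwritten, one unknown type.
SAMPLE_FILES = {
    # intact picture: JPEG SOI marker followed by a high-entropy compressed body
    "vacation.jpg": MAGIC[".jpg"] + b"\xe0" + _pseudo_random(4000, b"jpeg-body"),
    # intact document: PDF header followed by a mostly-ASCII body
    "invoice.pdf": MAGIC[".pdf"] + b"1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n" * 20,
    # picture after the ransomware wrote ciphertext over it: header gone, entropy ~8
    "family.jpg": _pseudo_random(4096, b"ciphertext"),
    # text notes: no known header, so the heuristic abstains
    "notes.txt": b"buy milk\n" * 50,
}

if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(f"{name:14s} entropy={shannon_entropy(data[:4096]):.2f} "
              f"flagged={looks_encrypted(name, data)}")
    print("suspicious:", scan_files(SAMPLE_FILES))
```

In practice this check runs over a set of canary files or a user's document folders on a schedule, and a single flagged file is enough to trigger the response the commenters below describe: isolate the machine and restore from an offline backup. Note that the intact JPEG also has entropy near 8, which is why the header check, not entropy, carries the decision.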

This particular breed has a unique and interesting feature: it uses a command-and-control (C2) function hidden in the Tor network. According to Fedor Sinitsyn, senior malware analyst at Kaspersky Lab, the executable code for establishing a Tor connection is embedded in the ransomware’s body. The experts note that embedding Tor functionality in a malware body is not easy from a programming point of view; however, the feature helps Critroni, or CTB-Locker, avoid detection.

It should be noted that Critroni has been spotted in English and Russian versions, which suggests that countries using those languages will be the first to suffer.

Solution: don't use Tor on computers you use for work or business. Use it on that old laptop you have full of stored porn and crap!! Make a backup of all that stuff... And if you get that ransomware lock sh1t, format your HD and restore the backup...

Best real solution is to always back up your drive. Believe me, I've learned the hard way from the late 80's and 90's, when viruses back then used to wipe your whole hard drive clean. Looks like it's gonna be months before the experts break the executable code for this bad baby.

Did you read the article, or just the headline? It has nothing whatsoever to do with having TOR on your system: the malware contains the code to connect itself to the TOR network. Even people who've never heard of TOR can get this ransomware on their c

I've got lucky a few times: as soon as I see that ransomware come on my screen I immediately shut down my PC, then go back on in a couple of minutes, and I do not restore my previous session with Google Chrome and start fresh. I'm running Panda Cloud Antivirus plus Zemana AntiMalware and anti-keystroke logger. I've backed up all my photo files on an external drive and only run it when I'm doing some photo work or copying files or movies or photos to it; one need not run an external drive with all your files when surfing the net, as it can be screwed up by this ransomware. I'd like to find these guys and tie them to a tree, spread honey on them and release a hive of bees on them.